The House Committee on Energy and Commerce met at 10:00 am on Wednesday, September 30th, to consider two pieces of bipartisan legislation: H.R. 2221, the "Data Accountability and Trust Act", and H.R. 1319, the "Informed P2P User Act of 2009".
H.R. 2221 requires entities that hold personal information to establish and maintain appropriate security policies to prevent unauthorized acquisition of that data. It also requires companies to notify consumers in the event of a breach of personally identifiable information that results in a reasonable risk of identity theft or fraud. In addition, the bill imposes special requirements on information brokers (those that compile and sell consumer data to third parties), including assuring the accuracy of their information and giving consumers access to their records and the ability to correct inaccurate information. H.R. 2221 supersedes state data breach and notification laws but permits enforcement by State Attorneys General while capping potential damages. Finally, it preempts similar state laws to create a uniform national standard for data security and breach notification.
This bill was amended by an amendment in the nature of a substitute and passed out of Committee by voice vote.
H.R. 1319 prohibits distributing P2P software programs without first providing the user with clear and conspicuous notice with regard to the sharing functions of the program, and obtaining informed consent of the user. The bill also makes it unlawful to prevent reasonable efforts to block the installation of a P2P program. Finally, the P2P program must provide a reasonable means to disable or remove the program.
This bill was amended by an amendment in the nature of a substitute and passed out of Committee by voice vote.